Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\AutoRun.inf
- <Drive name for removable media>:\USBWorm.exe
Malicious functions:
Creates and executes the following:
- <SYSTEM32>\USBWorm.exe
Executes the following:
- <SYSTEM32>\cmd.exe /c c:\KILLER.BAT
- <SYSTEM32>\format.com D: /q /x /y
- <SYSTEM32>\format.com Z: /q /x /y
- <SYSTEM32>\cmd.exe /c bat.bat
- %WINDIR%\explorer.exe C:\
- <SYSTEM32>\reg.exe import key.reg
Modifies file system:
Creates the following files:
- C:\USBWorm.exe
- C:\KILLER.BAT
- C:\AutoRun.inf
- <Current directory>\bat.bat
- <Current directory>\key.reg
- <SYSTEM32>\USBWorm.exe
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\USBWorm.exe
- <Drive name for removable media>:\AutoRun.inf
- C:\AutoRun.inf
- <SYSTEM32>\USBWorm.exe
- C:\USBWorm.exe
Deletes the following files:
- <Current directory>\key.reg
Miscellaneous:
Searches for the following windows:
- ClassName: '' WindowName: ''